Senior Programmer/Analyst, Security Analyst

Okanagan College

Description

OKANAGAN COLLEGE
Okanagan College transforms lives and communities. We are one of Canada’s leading colleges. We create outstanding educational experiences for our learners, both students and employees. We work and learn in a welcoming and caring culture. We are a catalyst for change through collaboration with our learners and partners. We serve, lead and anticipate the social, economic and environmental needs of communities.

Position Title:
Senior Programmer/Analyst, Security Analyst

Competition Number:
C001994

Division/Portfolio:
IT Services

Department/Program:
Network Services

Campus/Centre:
Kelowna

Flexible Work Options:
Any Okanagan College Location, Remote Work (BC Only)

Your Opportunity:

Under the direction of the Manager, IT Security, the Senior Programmer Analyst, Security Analyst provides subject matter expertise, advisement, implementation, and senior technical security experience to the Okanagan College IT department. Responsibilities include ongoing protection of information security assets, devices, applications, networks, websites, on-premise and cloud-based systems. The role guides development and implementation of new security solutions or system changes and provides incident response, investigation, mitigation, and prevention activities. The Security Analyst is hands-on with daily IT operations and technical teams to ensure Okanagan College delivers secure services, protects sensitive information, and follows regulatory and industry security best practices. Additionally, participates in the creation and maintenance of policies, standards, baselines, guidelines and procedures, conducts audits, penetration testing, vulnerability assessments, and assists with security advocacy and awareness training throughout the organization.

Education and Experience:

Graduation from a four-year university/college computer science program, plus a minimum of 6 years progressive and directly related technical experience in the areas of IT Security, Penetration Testing, Software Development and/or Systems Administration.
Comprehensive knowledge of information security principles, standards, best practices, and industry trends is required.
Professional certifications or extended training in Penetration Testing, Network/Application Security, Cloud Security, Service virtualization or Windows and Linux System Administration are an asset. (Examples: GIAC, CISSP, CISM, OSCP, CompTIA Security+)
Experience working in Post-Secondary Education environment, or with large public sector enterprise systems would be an asset

Functions and Duties:

1. Provides technical security subject matter expertise for the IT department; Executes on critical architecture, design, implementation, testing, operational, compliance, training, and review tasks related to information security and cybersecurity for services delivered by Okanagan College IT
2. Oversees and approves security or compliance related changes to the IT environment including production systems, software releases, new applications or components, changes to system design, functionality and configuration, SSO/authentication, 3rd party integrations, and other IT deliverables
3. Performs security related hardening and testing including application or network penetration testing, threat hunting, vulnerability testing, new/proposed system evaluation, configuration changes, and system/OS hardening.
4. Conducts security audits and assessments. Reports findings to management. Makes recommendations for solutions and assists operational teams to meet regulatory compliance, mitigate risks and improve security posture
5. Performs, verifies and assists operational teams with up-to-date device, system, OS, and software patching
6. Performs security assessments of new projects and technology implementations. Assists development, project, and operational teams to implement
7. Supervises and monitors work of IT team members on security related projects and tasks
8. Performs incident response and support activities including detection, investigation, mitigation, reporting, and remediation of security problems, incidents, breaches, data loss/damage and data privacy issues
9. Researches latest vulnerabilities, exploits, security trends and new technology to better protect systems and data. Actively evaluates and searches the internal and external landscape for new threats to information security
10. Assists management and IT Services leadership to develop and establish new security frameworks and strategy, select platforms, technologies, and services to meet strategic direction and future need, provide input and recommendation for secure solutions, technical innovation, operational efficiency, and service excellence.
11. Recommends resource requirements, including hardware and software necessary to support security initiatives, compliance, or add security functionality to the OC information infrastructure
12. Participates and contributes to IT security training and awareness activities. Makes presentations and demonstrations to IT peers, Okanagan College faculty, staff and senior management.
13. Performs other duties as assigned

Skills and Abilities:

Strong security, system administration, networking, and software abilities, including:
• Comprehensive knowledge of information security principles, standards, best practices, and industry trends. Familiar with common attack vectors, tools, and mitigation strategies. Able to deploy and use security tools and techniques in daily operations
• Exceptional analytical, troubleshooting, and problem-solving skills. Ability to investigate and assess security, network, and software-related issues, analyze data such as logs or packet captures from various sources within the enterprise and draw conclusions regarding security incidents, system access, functionality, or other troubleshooting
• Ability to perform security audits, network and application penetration testing, vulnerability assessments, incident response/management, and general security assessments/testing. Can produce written reports to communicate findings and make recommendations to technical teams and management
• Ability to define, apply, promote, and advocate for security best practices, standards, data privacy, secure architecture/coding, and quality assurance standards across the organization
• Advanced networking concepts, understanding of web application communication and network protocols, including DNS, TCP/IP, UDP, HTTP/S, SSL/TLS, IP addressing, ports, web sockets, network firewall and switch configuration
• Advanced System and OS Administration on Windows and Linux servers. Comfortable with system configuration and hardening, patching, command line tools, shell/batch scripting (Linux Bash/shell, Windows Powershell, Python, etc)
• Strong architectural and design concepts, including application stacks, high availability, load balancing/proxy, SSL, SSO, security, authentication and authorization, session management, Active Directory integration
• Solid understanding of virtualization, containerization, orchestration, cloud service architecture, build pipeline and deployment automation, infrastructure as code (VMWare, Docker, Kubernetes, Git, Jenkins, Azure, AWS)
• Good relational database concepts and SQL skills using enterprise databases (e.g. Oracle, MS SQL Server, MySQL)
• Exceptionally motivated learning ability. Researches latest security products, trends, malware, exploits, attack vectors and stays up to date with emerging technologies and tools. Actively seeks continuous improvement and professional development
• Very strong written, oral, and interpersonal communication skills. Must be able to participate in meetings and group discussions, work effectively with interdisciplinary teams, create formal and informal documentation, and exercise courtesy, professionalism, tact and discretion
• Highly self-motivated and directed; Ability to work with limited supervision, provide supervision and guidance to others within subject matter expertise area. Ability to work both independently and in a team-oriented, collaborative environment
• Ability to effectively prioritize and execute tasks in a high-pressure environment
• Leads by example, creates positive team culture, demonstrates technical and service excellence

Appointment Type:
Support – Regular Full-time

Appointment Start Date:
06/06/2022

Schedule:
Monday to Friday – 8:00 AM to 4:00 PM

Annual Salary/Hourly Rate:
$57,693 – $65,971 NOTE: In addition to the annual salary, a $10,000 annual labour market stipend applies to this position.

Special Instructions to Applicants:

Remote work available however, preference will be given to those who reside in the Okanagan region and are able to work at one of the Okanagan College campuses on planned days.

Shortlisted internal candidates must notify the current Support Staff Bargaining Chairperson and Human Resources if they want a Union Observer during interviews and final selection of candidates.

Posting Opening Date:
05/12/2022

Posting Closing Date:
05/23/2022

How to Apply

APPLICATIONS:

To apply for this position, please go to our employment site: https://www.employmentopportunities.okanagan.bc.ca and complete an on-line application.

All applications must be submitted through our employment site to be considered.

Okanagan College is committed to increasing the equitable and inclusive participation of marginalized people in all aspects of college life. We welcome and encourage applications from Indigenous Peoples, Black People, members of racialized groups/visible minorities, people with disabilities and people with diverse gender identities or expressions. People with disabilities who anticipate needing accommodations for any part of the application process may contact, in confidence, AccessibilityHR@okanagan.bc.ca